Two years of theories and speculation in the cybersecurity research community were confirmed Friday morning: Stuxnet was indeed the first known digital attack launched by a government to destroy another country’s physical infrastructure. And the government that launched it was ours.
As revealed in an extensive report from an upcoming book by New York Times‘ Washington correspondent David Sanger, the Stuxnet malware that has fascinated cybersecurity researchers since it was discovered in the fall of 2010 was in fact built by U.S. and Israeli government agencies and deployed to disrupt Iranian nuclear enrichment facilities. It seems to have worked: One thousand of Iran’s 5,000 enrichment centrifuges were temporarily put out of commission by the malware, and some sources within the Obama administration told the Times that Iran’s nuclear ambitions may have been set back by as much as 18 months to two years.
